In the world of Cybersecurity today, everybody basically throws
in their two cents of advice about what to do.
Heck, even I do it. You hear it
all, from calculating your levels of Cyber Risk and Resiliency, to figuring out
how good your Cyber Hygiene is, how best to implement controls, the top 5 best
practices for this and that, blah, blah, blah.
But the one thing you don’t typically hear about is how wide
your attack surface actually is.
What is it exactly, you may be asking? It can be technically defined as follows:
“The attack surface is the number of all possible
points, or attack vectors, where an unauthorized user can access a system and
extract data. The smaller the attack surface, the easier it is to protect. Organizations
must constantly monitor their attack surface to identify and block
potential threats as quickly as possible. They also must try and minimize the
attack surface area to reduce the risk of cyberattacks succeeding. However,
doing so becomes difficult as they expand their digital footprint and embrace
new technologies.”
(SOURCE: https://www.fortinet.com/resources/cyberglossary/attack-surface).
So as you can see from the definition, your attack surface
is pretty much your entire IT/Network Infrastructure, together with all of the weak spots
in it. Yes, even those points that are
fortified still count as part of the Attack Surface, because a control reduces the
chance of compromise at that point but does not remove it, and a determined
Cyberattacker will keep probing for a way in.
An example of this is an On Prem Infrastructure. All of the servers, workstations and devices, as
well as the physical and digital assets, make up the Attack Surface.
So imagine your entire office, and there you have it. But now that the Cloud has taken hold of Corporate
America, the Attack Surface becomes much murkier. For example, just because you have what you think of
as a dedicated Private Cloud does not mean that it is your total surface.
You are still running on shared underlying infrastructure (the provider's hypervisors,
networks and management services) alongside other Cloud tenants that
you know nothing about, and if something happens to them, it could
roll over to your deployments as well.
For example, even with your own Cloud Deployment, you will
be moving all kinds of resources and workloads around. Heck, you may even be storing all of your Virtual
Machines (VMs) in different data centers dispersed throughout the world. While the purpose of doing this is primarily
redundancy, it also increases the Attack Surface: every extra region is another
set of endpoints, credentials and network paths that you have to keep track of.
Now that the Remote Workforce will be with us for quite some
time to come, this too has greatly expanded the Attack Surface. For instance, you no longer have employees
working from one central location; they are now all over, working from who
knows where, on home networks that your IT Security team never hardened.
Heck, even the improper testing of source code in a Web Application
before it is released to a customer can expand the Attack Surface. For instance, many software developers build on
outdated third-party APIs and libraries that they have never tested themselves, and the finished
code still does not get tested before release.
The Cyberattacker is fully aware of this, and it
is a key area in which they can inject a malicious payload for subsequent attacks,
after the app has been handed off to the client. Every untested input path and every
outdated dependency in that app is one more entry point that the client now owns.
Another catalyst for the expansion of the Attack Surface is
the sheer deployment of a massive number of security tools and technologies, without
deploying them strategically. As I have
written before, this all goes back to the old proverbial statement that there
is “Safety In Numbers”. Many CISOs
believed this before COVID19 hit, but now they are realizing that this was actually
a huge mistake, and are scaling back, if they still maintain an On Prem Infrastructure.
Each extra tool is itself software that must be patched, has its own privileged
accounts, and is usually given broad access to the very systems it is meant to protect.
OK, now that you have some idea of what an Attack Surface
actually is, how do you go about either making sure that you do not expand it
much further, or, if you have to, how do you protect that expansion? Here are some key tips:
1)
Get a good view of it:
Probably the best way to keep track
of just how big or small your Attack Surface actually is, is to simply map it
out. Of course, this can be a time consuming
and laborious process if you still have an On Prem Infrastructure. But if you have a Cloud deployment,
especially with Microsoft Azure, you already have the tools in your account to
map it out in a matter of minutes.
Best of all, as you move or add resources around your Private Cloud, or even
move them to different data centers worldwide, this map is updated for you
in real time. The one caveat: the map only covers what the tooling can see, so
make sure every subscription and account your company uses is actually enrolled,
or the shadow deployments that most need watching will be the ones missing from it.
2)
Keep an inventory of what you have:
When one thinks of this, the notion
of using Excel spreadsheets often comes to mind.
But forget this approach (unless, once again, you have an On Prem Infrastructure). Once again, with Azure you have the tools to keep
an updated list of all of the resources that you have at that moment in time. Heck, you can even pull up a list of all of
the resources that have been taken out as well, which matters, because a decommissioned
server whose DNS name and firewall rules were left behind is still part of your surface.
This too is updated in real time.
3)
Make use of dashboards:
Along with Azure, I think that
AWS also offers dashboards and SIEMs as well.
The idea of these tools is to give you a centralized view, in one place,
of everything that is happening in your Private Cloud. It is important that you make good use of
these tools, as they are provided as part of the entire package that you are
paying for. Not only will you be able to get
a holistic view of your Cloud Infrastructure, but you can also see the threats
that are lurking out there, and even see all of the network connections that
you have. Thus, with these kinds of tools,
your IT Security team should be able to cultivate a proactive mindset, which is
so important when trying to keep your Attack Surface as small as possible.
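Tips 1 through 3 all come down to the same thing: an inventory of entry points that is refreshed and then diffed against the last one, so that new exposure and leftover exposure both show up. The Python script below is an added example written for this article; it is not code from the original post, from Microsoft, or from any cloud provider. The resource records and their field names (name, rtype, region, public_ip, open_ports) are constructed for the example and are not the schema of any Azure or AWS API; in practice you would fill them from your provider's inventory tooling and run the diff on a schedule.

```python
"""
Attack-surface inventory diff (added example, not from the original post).

Models the three tips above: map the surface (internet-exposed points),
keep an inventory that also records what was removed, and produce a
summary a dashboard could show. All records below are constructed for the
example; the field names are assumptions, not any cloud provider's schema.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Resource:
    name: str
    rtype: str                      # e.g. "vm", "storage", "lb" (assumed labels)
    region: str
    public_ip: Optional[str]        # None means no internet-facing address
    open_ports: Tuple[int, ...] = ()


# Constructed snapshots of one environment on two consecutive days.
YESTERDAY: List[Resource] = [
    Resource("web-01", "vm", "eastus", "203.0.113.10", (443,)),
    Resource("db-01", "vm", "eastus", None, (5432,)),
    Resource("backup-sa", "storage", "westeurope", "203.0.113.20", (443,)),
]
TODAY: List[Resource] = [
    Resource("web-01", "vm", "eastus", "203.0.113.10", (443, 22)),  # SSH newly opened
    Resource("db-01", "vm", "westeurope", None, (5432,)),           # moved to another region
    Resource("web-02", "vm", "eastus", "203.0.113.11", (443,)),     # new resource
    # backup-sa was decommissioned and no longer appears
]


def internet_exposed(resources):
    """A resource with a public address and at least one open port is an entry point."""
    return [r for r in resources if r.public_ip and r.open_ports]


def exposure_points(resources):
    """Distinct (public_ip, port) pairs: a simple size metric for the surface."""
    return sorted({(r.public_ip, p) for r in internet_exposed(resources)
                   for p in r.open_ports})


def diff_inventory(before, after):
    """Tip 2: what was added, what was removed, and what changed in place."""
    b = {r.name: r for r in before}
    a = {r.name: r for r in after}
    changed = {}
    for name in sorted(set(a) & set(b)):
        old, new = b[name], a[name]
        if old != new:
            changed[name] = {
                "region": (old.region, new.region) if old.region != new.region else None,
                "public_ip": (old.public_ip, new.public_ip) if old.public_ip != new.public_ip else None,
                "new_ports": sorted(set(new.open_ports) - set(old.open_ports)),
                "closed_ports": sorted(set(old.open_ports) - set(new.open_ports)),
            }
    return {"added": sorted(set(a) - set(b)),
            "removed": sorted(set(b) - set(a)),
            "changed": changed}


def new_exposures(before, after):
    """Entry points reachable from the internet today that were not yesterday.

    This is the list worth alerting on: it catches both brand-new resources and
    existing ones that grew a new public port."""
    def triples(rs):
        return {(r.name, r.public_ip, p) for r in internet_exposed(rs) for p in r.open_ports}
    return sorted((name, port) for name, _ip, port in triples(after) - triples(before))


def summarize(before, after):
    """Tip 3: the numbers a dashboard would show for this run."""
    return {
        "exposed_points_before": len(exposure_points(before)),
        "exposed_points_after": len(exposure_points(after)),
        "regions": sorted({r.region for r in after}),
        "new_exposures": new_exposures(before, after),
        **diff_inventory(before, after),
    }


if __name__ == "__main__":
    for key, value in summarize(YESTERDAY, TODAY).items():
        print(f"{key}: {value}")
```

Note that the removed resource (backup-sa) drops the exposure count, but it should still be checked by hand: the script only knows the provider no longer lists it, not whether its DNS record or firewall rule survived.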
My Thoughts On This
Based upon the tips I just gave you, your first thought is probably
that I am simply pumping out the need to go to the Cloud. But actually I am not. Yes, the Cloud has its advantages as well
as its disadvantages (especially when it comes to data leakages), and in fact I know
of many SMBs who have still opted to maintain their On Premises Infrastructure.
But by migrating to something like Microsoft Azure, once
again, you already have the tools in place to help you understand the depth of your
Attack Surface in a matter of minutes, as opposed to doing this on a manual
basis. Those minutes become absolutely
critical, especially when dealing with today’s Cyber threat landscape.
Also keep in mind that yet another driver for the growth of
the Attack Surface is the Internet of Things, or “IoT”
for short. This is where all of the
objects that we interact with, in both the physical and virtual worlds, are interconnected.
Every one of those devices is a network endpoint with its own firmware and, all too often,
default credentials, so keep this in mind if you are planning to implement IoT based
devices for your company.